Jérôme Segura
Lead Malware Intelligence Analyst

Security researcher with a focus on malvertising, exploits and scams. French; appreciates wine, bread and cheese.

August 25, 2016 - In this article we take a look at some tricks that target Google Chrome users to dupe them with the infamous tech support scam pop ups. In particular, we examine the fake address bar and alert dialogs which people have come to trust and yet can be deceiving.

CONTINUE READING1 Comment

August 15, 2016 - Something unusual happened in the exploit kit ecosystem. Two well-known malware distribution campaigns switched from Neutrino EK to RIG EK. A temporary blip or a more durable change? Only time will tell.

CONTINUE READINGNo Comments

August 12, 2016 - Keeping up with twists and turns on the exploit kit scene, we examine a new redirection mechanism to Neutrino EK which adds fingerprinting way up the infection chain by crafting a special Flash file and uploading it on compromised hosts. This ensures proper filtering of non desirable traffic even before the gate to the exploit kit.

CONTINUE READINGNo Comments

August 10, 2016 - In this malvertising campaign, both RIG EK and Sundown EK are used to deliver the same threat, an indication that the actor behind it is either testing or maximizing infection rates.

CONTINUE READINGNo Comments

August 3, 2016 - In the cybercrime landscape, Exploit Kits (EKs) are the tool of choice to infect endpoints by exploiting software vulnerabilities. However, a critical component EKs rely on is web traffic, which must be directed towards them. In this post, we take a look at what we sometimes refer to as 'gates'. Hacked websites are injected with code to an intermediary webpage that serves as the gateway to the exploit kit.

CONTINUE READING1 Comment

Select your language